The Lens Newsletter - April 2025

Government publishes the 2025 Cyber Security Breaches Survey

On 10 April 2025, the Government published its latest Cyber Security Breaches Survey. The tenth edition of the study was commissioned by the Department for Science, Innovation and Technology (DSIT) and the Home Office and aims to summarise key... Read more 

ICO and CMA collaborate on foundation models

The ICO and the Competition and Markets Authority (CMA) have worked together for a number of years to enhance regulatory coherence and clarity where the data protection and competition regimes interact, including through their participation in... Read more 

ICO ransomware fine cut from £6m to £3.07m for NHS SaaS provider

Hot off the heels of its notice of intent to fine DNA company 23andMe £4.59m following a data breach, the ICO has fined Advanced Computer Software Group Ltd (Advanced) £3.07m for security failings identified following a ransomware attack. The... Read more 

Proposals published on the UK Cyber Security and Resilience Bill

On 1 April 2025, the government published a statement providing further detail on the UK’s upcoming Cyber Security and Resilience Bill. The Bill, which has been expected since the King's Speech last July, will draw considerably from the EU's... Read more 

It’s not fair: The impact of the CMA’s draft DMCC Act guidance on the online customer journey

On 6 April the majority of the unfair commercial practices (“UCP”) provisions in the Digital Markets, Competition and Consumers Act 2024 (the “DMCC Act”) are coming into force.  We previously reflected on the DMCC Act’s changes to the UK... Read more 

Why 2025 is the year to refresh your marketing compliance

The Information Commissioner’s Office (ICO) announced earlier this week that it will work with the UK Government on a regulatory review of the UK’s marketing rules to facilitate privacy friendly online advertising, as part of a package of... Read more 

Unpacking the ICO’s third edition of the Tech Horizon Report

The Information Commissioner’s Office (ICO) has published the third edition of its Tech Horizon Report, a series which helps organisations navigate the data protection implications of certain emerging technologies that are expected to be widely... Read more 

Podcast: The Impact of Operational Resilience on Digital Service Providers

What do regulatory initiatives to bolster operational resilience in the UK and EU mean for digital service providers? In this podcast, we discuss the impact of these regimes and consider how in-scope third parties will need to adapt for the first time to direct supervision by UK and EU financial services regulators. Listen here.